Import bind 9.20.24 (previous was 9.20.23)
Security Fixes
==============
Fix DNS64 owner case after DNAME restart. 4de2229364
When BIND 9 is configured to use DNS64 and encounters a DNAME redirect, it
could end up using freed memory for the DNS response owner name. This caused
the response to contain corrupted data. This fix ensures the correct owner
name is used when constructing the synthesized response after a DNAME
redirect.
ISC thanks Qifan Zhang of Palo Alto Networks for reporting the issue. [GL #5934]
New Features
============
Enable PR-Agent reviews on merge requests. 46e4c236a3
Adds a CI job that runs PR-Agent against each merge request opened from the
[143 lines not shown]
wip/py27-renpy: import py27-renpy-6.99.12.4
Ren'Py is a visual novel engine that helps you use words, images,
and sounds to tell stories with the computer. These can be both
visual novels and life simulation games. The easy to learn script
language allows you to efficiently write large visual novels, while
its Python scripting is enough for complex simulation games.
This is Python 2.7 based Ren'Py.
This is imported to play "Doki Doki Literature Club!".
wip/py27-game_sdl2: import py27-game_sdl2-2.1.0.06991204
Pygame is a set of Python modules designed for writing games. It is written on
top of the excellent SDL library. This allows you to create fully featured
games and multimedia programs in the python language. Pygame is highly
portable and runs on nearly every platform and operating system.
This package is solely for wip/py27-renpy.
wip/py27-cython: import py27-cython-0.26
The Cython language makes writing C extensions for the Python language
as easy as Python itself. Cython is a source code translator based on
the well-known Pyrex, but supports more cutting edge functionality and
optimizations.
The Cython language is very close to the Python language (and most
Python code is also valid Cython code), but Cython additionally supports
calling C functions and declaring C types on variables and class
attributes. This allows the compiler to generate very efficient C code
from Cython code.
This makes Cython the ideal language for writing glue code for external
C libraries, and for fast C modules that speed up the execution of
Python code.
net/bind: update to version 9.18.50.
Pkgsrc changes:
* None (just version + checksums)
Upstream changes:
Notes for BIND 9.18.50
----------------------
Removed Features
~~~~~~~~~~~~~~~~
- Remove ineffective TCP fallback after repeated UDP timeouts.
When an authoritative server failed to respond to two consecutive UDP
queries, :iscman:`named` marked the next retry as TCP but still sent
it over UDP, producing misleading dnstap records. The ineffective
retry path has been removed; a corrected TCP fallback will be restored
[34 lines not shown]
zino: update to version 2.5.1.
Pkgsrc changes:
* version-bump + checksums + PLIST update.
* Require 0.2.1 of py-netsnmp-cffi.
Upstream changes:
- Add `zping` CLI utility to check if a Zino daemon is alive by
querying its SNMP agent for uptime.
([#528](https://github.com/Uninett/zino/issues/528))
- Configuration errors in `zino.toml` now report the underlying
parser message (with line and column) for syntax errors, and
friendlier messages â<80><94> including key suggestions â<80><94>
for validation errors. ([#539](https://github.com/Uninett/zino/issues/539))
- Single-interface link state verification no longer crashes with
an `AssertionError` when the target interface has disappeared from
[13 lines not shown]
py-netsnmp-cffi: upgrade to version 0.2.1.
Pkgsrc changes:
* Version + checksum updates.
Upstream changes:
Fixed
* Fix ffi.error from a size mismatch between the cdef and the
real C layout of struct enum_list, by marking the cdef declaration
as flexible. The mismatch caused crashes on platforms where
CFFI verifies struct sizes against the C compiler (e.g.
NetBSD/pkgsrc builds of net-snmp), any time MIB enumerations
were looked up. (#23)
Added
* Test suite now also tests on Python 3.13 and 3.14.
* Wheel build/publish process also builds wheels for Python 3.13 and 3.14.
lhasa: update to 0.6.0
pkgsrc change:
- take maintainership
Upstream changelog:
https://github.com/fragglet/lhasa/blob/v0.6.0/NEWS.md
## v0.6.0 (2026-06-17):
* This release fixes a read overflow in the -pm2- decoder, where a
specially-crafted -pm2- sequence could cause reads from beyond the
end of the `copy_decode[]` array. However, it is not believed to be
an exploitable bug so this is not a security issue. Thanks to
Yukimura / @damseleng for reporting the bug.
* Archived files with empty filenames are now skipped over during
extract so that subsequent files can be extracted properly. This
allows some files in the Aminet archive to be extracted that were
previously only partially extracted (thanks @polluks).
[2 lines not shown]
ruby-nokogiri: update to 1.19.4
Upstream changelog:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.19.4
v1.19.4 / 2026-06-18
Security
* [CRuby] (Low) Fixed a possible invalid memory read when XML::Node#
initialize_copy_with_args is called with an argument that is not a
Node. See GHSA-g9g8-vgvw-g3vf for more information.
* [CRuby] (Low) Fixed a possible use-after-free when an
XML::XPathContext is used after its source document has been
garbage collected. See GHSA-p67v-3w7g-wjg7 for more information.
* [CRuby] (Low) Fixed a possible use-after-free during XInclude
processing via Node#do_xinclude. See GHSA-wfpw-mmfh-qq69 for more
information.
* [CRuby] (Low) Fixed a possible use-after-free when Document#root=
[21 lines not shown]
postgis: Drop MAINTAINERship
Upstream has suddenly become very LLM. I'll probably still do
updates, but I don't want to be viewed as having any responsibility
for this.
